Configuration drift is the gradual difference that develops between the intended secure configuration of a system and the way it is actually running. In plain language, it means the environment slowly stops matching the approved baseline because of manual changes, exceptions, or inconsistent updates.
Configuration drift matters because security programs depend on predictable control states. If servers, cloud policies, or workload settings drift away from the approved design, exposures can appear without anyone planning them.
It also matters because drift makes troubleshooting, auditing, and incident response much harder: once the live system no longer matches its documentation, responders and auditors can no longer trust the documented state and must rediscover the real configuration under pressure.
Configuration drift appears in cloud infrastructure, containers, and endpoint fleets, and it is a central concern of Cloud Security Posture Management and infrastructure-as-code programs, which exist in part to detect and correct it. Teams connect it to Security Baseline, Change Management, and Patch Management.
It is a common root cause behind environments that were once secure on paper but no longer match the intended model.
A cloud storage bucket was originally private, but a later manual change opened broader access for troubleshooting and the setting was never restored. Months later, the live environment no longer matches the documented security baseline.
Configuration drift is not the same as an approved change. An approved change is reviewed, recorded, and reflected in the baseline, so the system and its documentation move together. Drift is divergence that nobody decided to keep: an undocumented manual edit, or a temporary exception that was never reverted or formally adopted into the baseline.
It is also broader than one misconfiguration. Drift is the accumulation of differences over time.
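The bucket scenario above and the distinction between drift and an approved change can both be expressed as a small drift check. The following is an added example, not code from the original page: it compares a declared baseline against a live snapshot and treats a divergence as "approved" only while a recorded exception for it is still in force. The baseline, the live snapshot, the exception records, and the ticket identifiers are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Any, List, Optional

# Constructed baseline: the approved secure configuration for one storage bucket.
BASELINE = {
    "block_public_acls": True,
    "block_public_policy": True,
    "versioning": "Enabled",
    "default_encryption": "aws:kms",
    "logging_enabled": True,
}

# Constructed live snapshot, as an inventory or CSPM tool might report it months later.
LIVE = {
    "block_public_acls": False,      # opened "temporarily" for troubleshooting, never restored
    "block_public_policy": True,
    "versioning": "Suspended",       # nobody recorded this change at all
    "default_encryption": "AES256",  # covered by a current, approved exception
    "logging_enabled": True,
    "tags": {"owner": "team-a"},     # a setting the baseline does not govern
}


@dataclass(frozen=True)
class ApprovedException:
    """A recorded, time-boxed deviation from the baseline (hypothetical ticket IDs)."""
    setting: str
    allowed_value: Any
    ticket: str
    expires: date


EXCEPTIONS = [
    # The troubleshooting exception was approved but expired long ago.
    ApprovedException("block_public_acls", False, "CHG-1042", date(2023, 9, 30)),
    # This one is still valid on the check date used below.
    ApprovedException("default_encryption", "AES256", "CHG-1107", date(2024, 12, 31)),
]


@dataclass(frozen=True)
class Finding:
    setting: str
    expected: Any
    actual: Any
    status: str                     # "drift", "expired_exception", "approved", "unmanaged"
    ticket: Optional[str] = None


def find_drift(baseline: dict, live: dict, exceptions: List[ApprovedException],
               today: date) -> List[Finding]:
    """Compare live state to baseline and classify every divergence."""
    by_setting = {e.setting: e for e in exceptions}
    findings: List[Finding] = []
    for setting, expected in baseline.items():
        actual = live.get(setting)
        if actual == expected:
            continue
        exc = by_setting.get(setting)
        if exc is not None and exc.allowed_value == actual:
            # A matching exception only counts while it is unexpired.
            status = "approved" if today <= exc.expires else "expired_exception"
            findings.append(Finding(setting, expected, actual, status, exc.ticket))
        else:
            findings.append(Finding(setting, expected, actual, "drift"))
    # Settings present live but absent from the baseline are flagged for review,
    # not counted as drift: the baseline says nothing about them.
    for setting in sorted(live.keys() - baseline.keys()):
        findings.append(Finding(setting, None, live[setting], "unmanaged"))
    return findings


def drift_only(findings: List[Finding]) -> List[Finding]:
    """Findings that should page someone: unapproved, or approved-but-lapsed."""
    return [f for f in findings if f.status in ("drift", "expired_exception")]


def demo_findings(today: Optional[date] = None) -> dict:
    """Run the check on the constructed data and return setting -> status."""
    today = today or date(2024, 3, 1)
    return {f.setting: f.status for f in find_drift(BASELINE, LIVE, EXCEPTIONS, today)}


if __name__ == "__main__":
    for f in find_drift(BASELINE, LIVE, EXCEPTIONS, date(2024, 3, 1)):
        ticket = f" ({f.ticket})" if f.ticket else ""
        print(f"{f.status:18} {f.setting}: expected {f.expected!r}, found {f.actual!r}{ticket}")
```

On the constructed data this reports two actionable items: the public-ACL setting, whose exception lapsed, and the versioning change, which was never recorded anywhere. The KMS-to-AES256 change is listed but not actionable because its exception is still valid, which is the practical difference between an approved change and drift. Running the check on a schedule, with exception expiry enforced, is what turns "the bucket was opened for troubleshooting and forgotten" into a finding instead of a surprise.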